package com.example.common.xss;

import org.apache.commons.text.StringEscapeUtils;
import org.springframework.util.MultiValueMap;
import org.springframework.web.multipart.MultipartFile;
import org.springframework.web.multipart.support.DefaultMultipartHttpServletRequest;
import javax.servlet.http.HttpServletRequest;
import java.util.Map;

/**
 * @program: xss-demo
 * @description: 将文件数据解析成 MultipartFile 并封装在 MultipartHttpServletRequest (继承了 HttpServletRequest) 对象中，
 *               用于过滤包含文件参数的HttpServletRequest，最后传递给 Controller
 * @author: ChenZhiXiang
 * @create: 2019-07-22 14:22
 **/
public class XssMultipartHttpServletRequestWrapper extends DefaultMultipartHttpServletRequest {

    private SensitiveWord sensitiveWord;

    public XssMultipartHttpServletRequestWrapper(HttpServletRequest request, MultiValueMap<String, MultipartFile> mpFiles,
                                                 Map<String, String[]> mpParams, Map<String, String> mpParamContentTypes,SensitiveWord sw) {
        super(request);
        this.setMultipartFiles(mpFiles);
        this.setMultipartParameters(mpParams);
        this.setMultipartParameterContentTypes(mpParamContentTypes);
        sensitiveWord = sw;
    }

    @Override
    public String getHeader(String name) {
        return StringEscapeUtils.escapeHtml4(super.getHeader(name));
    }

    @Override
    public String getQueryString() {
        return SequenceTool.xssEncode(super.getQueryString()).toString();
    }

    @Override
    public String getParameter(String name) {
        return StringEscapeUtils.escapeHtml4(super.getParameter(name));
    }
}
